mirror of
https://github.com/kevinveenbirkenbach/linux-image-manager.git
synced 2024-11-10 01:51:03 +01:00
Added signature verification (untested). See AI chat: https://chatgpt.com/share/b521328b-7d7e-4b51-ae1a-9efec2f307c6
parent
ca6951d1fe
commit
c5b091e3b3
@ -172,6 +172,8 @@ case "$operation_system" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
info "Verifying image..."
|
||||||
|
info "Verifying checksum..."
|
||||||
if [ -z "$image_checksum" ]; then
|
if [ -z "$image_checksum" ]; then
|
||||||
for ext in sha1 sha512 md5; do
|
for ext in sha1 sha512 md5; do
|
||||||
sha_download_url="$download_url.$ext"
|
sha_download_url="$download_url.$ext"
|
||||||
@ -186,7 +188,6 @@ if [ -z "$image_checksum" ]; then
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
info "Verifying image..."
|
|
||||||
if [[ -v image_checksum ]]
|
if [[ -v image_checksum ]]
|
||||||
then
|
then
|
||||||
(info "Checking md5 checksum..." && echo "$image_checksum $image_path"| md5sum -c -) ||
|
(info "Checking md5 checksum..." && echo "$image_checksum $image_path"| md5sum -c -) ||
|
||||||
@ -197,6 +198,45 @@ if [[ -v image_checksum ]]
|
|||||||
warning "Verification is not possible. No checksum is defined."
|
warning "Verification is not possible. No checksum is defined."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
info "Verifying signature..."
|
||||||
|
signature_download_url="$download_url.sig"
|
||||||
|
info "Try to download image signature from $signature_download_url."
|
||||||
|
|
||||||
|
if wget -q --method=HEAD "$signature_download_url"; then
|
||||||
|
signature_name="${image_name}.sig"
|
||||||
|
signature_path="${image_folder}${signature_name}"
|
||||||
|
|
||||||
|
info "Download the signature file"
|
||||||
|
if wget -q -O "$signature_path" "$signature_download_url"; then
|
||||||
|
info "Extract the key ID from the signature file"
|
||||||
|
key_id=$(gpg --status-fd 1 --verify "$signature_path" "$image_path" 2>&1 | grep 'NO_PUBKEY' | awk '{print $NF}')
|
||||||
|
|
||||||
|
if [ -n "$key_id" ]; then
|
||||||
|
info "Check if the key is already in the keyring"
|
||||||
|
if gpg --list-keys "$key_id" > /dev/null 2>&1; then
|
||||||
|
info "Key $key_id already in keyring."
|
||||||
|
else
|
||||||
|
info "Import the public key"
|
||||||
|
gpg --keyserver keyserver.ubuntu.com --recv-keys "$key_id"
|
||||||
|
fi
|
||||||
|
|
||||||
|
info "Verify the signature again after importing the key"
|
||||||
|
if gpg --verify "$signature_path" "$image_path"; then
|
||||||
|
info "Signature verification succeeded."
|
||||||
|
else
|
||||||
|
warning "Signature verification failed."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
warning "No public key found in the signature file."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
warning "Failed to download the signature file."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
warning "No signature found under $signature_download_url."
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
make_mount_folders
|
make_mount_folders
|
||||||
|
|
||||||
set_partition_paths
|
set_partition_paths
|
||||||
|
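Review bot: The signature block in the third hunk trusts whatever key the `.sig` itself names: `key_id` is taken from gpg's `NO_PUBKEY` status and fetched from `keyserver.ubuntu.com`, so a replaced image served with a matching `.sig` from the same download location would still reach "Signature verification succeeded." The branching is also inverted for the normal case: when the signer's key is already in the keyring, gpg emits no `NO_PUBKEY`, `key_id` is empty, and the code warns "No public key found in the signature file." without ever checking the signature. Pin the expected full fingerprint per image (the `case "$operation_system"` block looks like the place, though its body is outside the hunk), compare it with the primary-key fingerprint on gpg's `VALIDSIG` status line, and stop the script on a mismatch rather than continuing to `make_mount_folders`. `expected_fingerprint` in the sketch below is a new placeholder variable, not something the script defines today.

```shell
# … unchanged: HEAD probe and download to "$signature_path" …
    # expected_fingerprint: placeholder for the publisher's pinned primary-key
    # fingerprint (40 hex digits, uppercase, no spaces), set next to download_url.
    if [ -z "${expected_fingerprint:-}" ]; then
      warning "No pinned signing key for this image. Signature not verified."
    else
      if ! gpg --list-keys "$expected_fingerprint" > /dev/null 2>&1; then
        gpg --keyserver keyserver.ubuntu.com --recv-keys "$expected_fingerprint"
      fi
      # The last field of VALIDSIG is the primary-key fingerprint of the signer.
      signer_fingerprint=$(gpg --status-fd 1 --verify "$signature_path" "$image_path" 2>/dev/null |
        awk '$2 == "VALIDSIG" { print $NF }')
      if [ "$signer_fingerprint" = "$expected_fingerprint" ]; then
        info "Signature verification succeeded."
      else
        warning "Signature verification failed."
        exit 1
      fi
    fi
# … unchanged: else branches for failed download and missing signature …
```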